PHP Security Expert Needed-Fix Website Security Problems
$30-250 USD
Paid on delivery
Need someone to fix the following issues on my php site so that I can be PCI compliant...Fix needs to be done immediately...willing to pay $30.
No upfront escrow, start working and we will work it out (I always pay, check feedback). Will award quickly...
Here are the brief descriptions of issues:
Protocol: TCP
Port: 80
Program: http
Risk: 8
Description: vulnerability in SLwebmail [url removed, login to view] x [url removed, login to view] 11 15:07:32 2011newSeverity: Critical Problem CVE: CVE-2003-0266 CVE-2003-0267 CVE-2003-0268 [url removed, login to view]: A remote attacker could execute arbitrary commands, in some cases with SYSTEM privileges. Background: SLMail is a commercial e-mail server package for Windows. It includes SMTP, POP3, and poppasswd services, and a web-based administration service. SLWebmail is a companion package to SLMail which runs atop IIS web servers and provides users with web-based e-mail access. Resolution [[url removed, login to view] [url removed, login to view]] Upgrade to SLMail 5.5. If it is not possible to upgrade immediately, then disable ESMTP in the SLMail configuration utility, and block access to ports 106/TCP (poppasswd) and 110/TCP (POP3) at the network perimeter. To fix the vulnerabilities in SLWebmail, [[url removed, login to view] l/[url removed, login to view]] upgrade to the current version. Vulnerability Details: Service: http
Protocol: TCP
Port: 443
Program: https
Risk: 5
Synopsis : The remote web server contains a PHP script that is prone to an information disclosure attack. Description : Many PHP installation tutorials instruct the user to create a PHP file that calls the PHP function 'phpinfo()' for debugging purposes. Various PHP applications may also include such a file. By accessing such a file, a remote attacker can discover a large amount of information about the remote web server, including : - The username of the user who installed php and if they are a SUDO user. - The IP address of the host. - The version of the operating system. - The web server version. - The root directory of the web server. - Configuration information about the remote PHP installation. Solution: Remove the affected file(s). Risk Factor: Medium / CVSS Base Score : 5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
Protocol: TCP
Port: 80
Program: http
Risk: 5
Synopsis : The remote web server contains a PHP script that is prone to an information disclosure attack. Description : Many PHP installation tutorials instruct the user to create a PHP file that calls the PHP function 'phpinfo()' for debugging purposes. Various PHP applications may also include such a file. By accessing such a file, a remote attacker can discover a large amount of information about the remote web server, including : - The username of the user who installed php and if they are a SUDO user. - The IP address of the host. - The version of the operating system. - The web server version. - The root directory of the web server. - Configuration information about the remote PHP installation. Solution: Remove the affected file(s). Risk Factor: Medium / CVSS Base Score : 5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
Project ID: #984933
About the project
5 freelancers are bidding on average $160 for this job
Hello Sir i can check your website from the holes in php , mysql and tell you if there is any way to attack the site please check pmb best regards samarlover
we have a team of 18 members with expertise in their profession. We have made a similar kind of projects. For further information please view your PMB. Ready to work with you Regards